Stanford says data from 27,000 people leaked in September ransomware attack


A ransomware gang accessed the personal information of more than 27,000 people on Stanford University servers during a cyberattack last year, the university warned this week.

The California-based school began sending out breach notification letters this week, 10 months after the Akira ransomware gang first compromised the school’s systems.

Stanford University released a statement on Monday saying their investigation uncovered clues indicating the hackers had gained access to the Department of Public Safety’s network from May 12 until September 27, 2023.

“The incident does not involve any Stanford systems or networks beyond the one used by the Department of Public Safety,” the school said, noting that federal and local law enforcement investigations are ongoing.

“The personal information that may have been affected varies from person to person but could include date of birth, Social Security number, government ID, passport number, driver’s license number, and other information the Department of Public Safety may have collected in its operations.”

The statement adds that for an additional group of victims, some “biometric data, health/medical information, email address with password, username with password, security questions and answers, digital signature, and credit card information with security codes” may have been accessed by the hackers.

In documents filed with regulators in Maine, the school said the large time gap between the attack and the notification was because the incident “required time to analyze.”

Victims will be offered two years of free identity protection services.

The Akira ransomware gang claimed that it stole 430 gigabytes of data in the attack. The gang targeted several U.S. colleges and K-12 schools in 2023 after emerging last March.

Stanford University previously dealt with a cybersecurity incident in 2021, when the Clop ransomware gang stole and leaked personal information obtained through a vulnerability in the Accellion File Transfer Appliance (FTA) software. The breach involved Social Security numbers and more taken from Stanford Medicine.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

ODNI appoints new election security leader ahead of presidential race

Next Post

JetBrains vulnerability exploitation highlights debate over ‘silent patching’

Related Posts

OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Utils project. "The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails," OpenJS
Read More

Expert-Led Webinar – Uncovering Latest DDoS Tactics and Learn How to Fight Back

In today's rapidly evolving digital landscape, the threat of Distributed Denial of Service (DDoS) attacks looms more significant than ever. As these cyber threats grow in sophistication, understanding and countering them becomes crucial for any business seeking to protect its online presence. To address this urgent need, we are thrilled to announce our upcoming webinar, "Uncovering Contemporary
Read More